Loading...
Loading...
Found 1,470 Skills
Manage Harness Software Supply Chain Assurance (SSCA) via MCP. Configure automated SBOM generation with CycloneDX or SPDX formats, set up artifact signing and attestation with Cosign, define supply chain security policies using OPA, and track SLSA provenance levels. Use when asked to generate SBOMs, sign artifacts, enforce supply chain policies, track software provenance, or manage SLSA compliance. Do NOT use for OPA pipeline governance policies (use create-policy instead) or vulnerability scanning (use security-report instead). Trigger phrases: SBOM, software bill of materials, supply chain security, SLSA, artifact signing, cosign, provenance, attestation, CycloneDX, SPDX, supply chain policy.
Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.
Brownfield onboarding — audits existing project artifacts for template format compliance (not just existence), classifies gaps by impact, and produces a numbered migration plan. Run this when joining an in-progress project or upgrading from an older template version. Distinct from /project-stage-detect (which checks what exists) — this checks whether what exists will actually work with the template's skills.
Validates a UX spec, HUD design, or interaction pattern library for completeness, accessibility compliance, GDD alignment, and implementation readiness. Produces APPROVED / NEEDS REVISION / MAJOR REVISION NEEDED verdict with specific gaps.
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.
Use when reviewing dashboard JSON changes in a PR or branch. Extracts structured descriptions with kbdash, compares before/after, and checks guideline compliance.
Audit claude-skills with systematic 9-phase review: standards compliance, official docs verification, code accuracy, cross-file consistency, and version drift detection. Use when investigating skill issues, major updates detected, skill not verified >90 days, or before marketplace submission.
Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.
Workflow step compliance guidance with mandatory step reminders and visual progress tracking. Reminds Claude to complete all workflow steps before PR creation.
This skill should be used when the user asks to "create privacy policy", "write terms of service", "legal pages", "cookie policy", "disclaimer", or mentions GDPR, CCPA, or legal compliance. Creates clear, compliant legal pages that protect the business while maintaining readability.
Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.
Review code for Government of Canada authentication and identity management compliance. Checks OIDC implementations, session security, scope minimization, logout handling, and RBAC integration against ITSG-33 and TBS security standards.